Ghidra is a Software Reverse Engineering (SRE) Framework developed by the National Security Agency Research Directorate for NSA’s cybersecurity mission. It was created with aim to help all pentesters and cybersecurity professionals with reverse engineering, analyzing code for malware and viruses, to understand potential vulnerabilities in systems/networks, etc.
Ghidra: SRE [Software Reverse Engineering ] Framework
Ghidra SRE tool was built to provide a customizable and extensible reverse engineering platform which will solve all scaling problems that cybersecurity experts and teams encounter on a daily basis. In addition, NSA hopes that Ghidra is going to improve cybersecurity education trough school, cybersecurity training and similar activities.
- Ghidra is completely free and open source available for both experienced cybersecurity professionals and those who just have started.
- Includes plenty of software analysis tools for compiled code analysis.
Linux(64-bit, CentOS recommended/preferred),
OS X 10.8.3+,
- It’s capable of disassembling, assembling, decompilation, graphic/scripting, etc. It has a processor modeling language
Sleighthat specifies how machine language instructions are dissembled and transformed into a
P-code(tool’s intermediate presentation).
- Ghidra can be run in both interactive GUI and automated modes. It also supports a number of processor instruction sets and executable formats.
- It allows you to develop your own plugins and scripts using the exposed API (
- And so much more.
Java 11(JDK): It’s suggested to use OpenJDK distributed from jdk.java.net.
Hardware:– 4+ GB RAM, 1 GB storage (to install Ghidra binaries), Dual monitors (optional & suggested).
Linux / OS X
- Download the zip file.
- Extract the
.tar.gzfile to your desired location:
~/.bashrcwith editor of your choice and add the following to the
- Save file and restart all open terminals.
$ tar -xvf <JDK_dist.tar.gz>
export PATH=<path of extracted JDK dir>/bin:$PATH
- Extract the zip file (JDK distribution): Right click -> Extract all.
- Open environment variables window:
Windows 7– Start button → Computer → Properties.
Windows 10:Start button -> System.
- Click Advanced system settings
- Click Environment variables
- Add the JDK to the
- System variables: highlight
PATHand click edit
- Add semicolon followed by
<path of extracted JDK dir>\bin
- Click OK…
- System variables: highlight
To start Ghidra in GUI mode, run
ghidraRun.bat (Windows) or
ghidraRun (Linux or macOS). You can also run it in a Headless Batch mode using command line, or in Single Jar Mode. For more information, click on the “documentation” button below.
- Tutorials/docu can be found in
- To access
Helpon a topic, press
Helpon any menu item or dialog.
- When Ghidra is running, indexed help can be found under
Help → Topics…
- Eclipse: plugin for a pre-existing Eclipse installation. For more information see:
- Ghidra: Ghidra extensions – contribs. See Ghidra Extension Notes for more information.
- IDAPro: IDAPro plugins/loaders for transferring items with Ghidra.